In a conventional cryptographic file system, the data (or files) are stored encrypted. This is a convenient feature especially if an owner of the files cannot trust the administrator of the server to provide adequate security measures to ensure data privacy. To make the conventional cryptographic file system more user-friendly, users typically try to minimize the number of cryptographic keys used to encrypt the files. Otherwise, the number of cryptographic keys may be equal to the number of files that the owner/user may have on the cryptographic keys, which may make managing the cryptographic keys burdensome, and thereby making the cryptographic file system less user-friendly.
In some cases, users share files in a cryptographic file system by having a copy of the encrypted file and an associated decryption key. In this manner, a user may utilize the associated decryption key to decrypt the received encrypted file for access to the file. However, in some instances, an owner of a file may attempt to prevent a previously authorized user from future access to the file, i.e., revoke a user.
One method for revoking a user is to re-encrypt all the files of the owner with a new cryptographic key. However, re-encrypting all the files is a time-consuming and burdensome task, especially if the owner has encrypted a number of files with the same cryptographic key.
In general, other conventional secure file systems that provide revocation rely on the server checking for user's group membership before granting access. This particular trait requires the servers to store (or cache) information regarding users, which places a high trust requirement on the servers and requires all the servers to maintain this authentication information in a secure and consistent manner.
Other conventional techniques securely send every key update to the user, such that the user is able to decrypt files encrypted with various versions of the key. Unfortunately, the user may fail to receive one or more of the keys. This may be due to the owner being unable to achieve a secure connection to the user when the key updates are provided or simply due to a failure in transferring the new key. In this case, the user is unable to decrypt files for which he lacks the proper key.
Thus, one problem with some conventional methods and systems for providing cryptographic key management is that all of the files need to be re-encrypted with the new key, whenever a new key is needed. Another problem with some conventional methods and systems for providing cryptographic key management is that the user is unable to decrypt files because a new key was not received.